Git: Multiple vulnerabilities
— GLSA 201605-01

Git contains multiple vulnerabilities that allow for the remote
execution of arbitrary code.

Affected Packages

Package

dev-vcs/git on all architectures

Affected versions

< 2.7.3-r1

Unaffected versions

>= 2.7.3-r1

Background

Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.

Description

Git is vulnerable to the remote execution of arbitrary code by cloning
repositories with large filenames or a large number of nested trees.
Additionally, some protocols within Git, such as git-remote-ext, can
execute arbitrary code found within URLs. These URLs that submodules use
may come from arbitrary sources (e.g., .gitmodules files in a remote
repository), and can effect those who enable recursive fetch. Restrict
the allowed protocols to well known and safe ones.

Impact

Remote attackers could execute arbitrary code on both client and server.